The present invention relates to a method and a system for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) to which access is strictly controlled. The idea of the invention is that a storage area is allocated (301) within the secure environment (104, 204, 211) of a device (100, 200). The storage area is associated (302) with an identity of an application, the associated identity is stored (303) in the secure environment (104, 204, 211) and access to the storage area is controlled (304) by verifying correspondence between the associated identity and the identity of an accessing application. This is advantageous, since it is possible for the accessing application to read, write and modify objects, such as cryptographic keys, intermediate cryptographic calculation results and passwords, in the allocated storage area.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: allocating a storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted; associating the storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device; storing the associated identity within the secure environment; and controlling access to the storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the storage area; wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by verifying the digital signature with a public key that corresponds to said private key.
2. The method according to claim 1, wherein the allocating of a storage area, associating the storage area with the application identity, storing the associated identity and controlling the access to the storage area are performed for an application of a first party and, subsequently, the same actions are performed for an application of a second party independent of the first party.
3. The method according to claim 1, wherein the device stores a digital certificate issued by a trusted certification authority.
4. The method according to claim 1, wherein the secure environment comprises a smart card.
5. The method according to claim 1, wherein the allocating a storage area, associating the storage area with the application identity, storing the associated identity and controlling the access to the storage area are performed for an application of a first party and, subsequently, the same actions are performed for an application of a second party independent of the first party.
6. An apparatus comprising a control processing unit configured to: allocate a storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted; associate the storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device; store the associated identity within the secure environment; and control access to the storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the storage area; wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by decrypting the digital signature with a public key that corresponds to said private key.
7. The apparatus according to claim 6, wherein the device is configured to store a digital certificate issued by a certification authority.
8. The apparatus according to claim 6, wherein the secure environment comprises a smart card.
9. Circuitry for providing data security comprising: at least one storage circuit comprising at least one storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted; at least one processor configured to: associate the at least one storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device; and store the associated identity within the secure environment; and a register configured to enable said at least one processor to control access to said at least one storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the at least one storage area; wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by decrypting the digital signature with a public key that corresponds to said private key.
10. A mobile telecommunication terminal comprising circuitry for providing data security according to claim 9.
11. A computer-readable non-transitory storage medium storing computer-executable components, which when executed by a processor, performs: allocating a storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted; associating the storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device; storing the associated identity within the secure environment; and controlling access to the storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the storage area; wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by verifying the digital signature with a public key that corresponds to said private key.
12. An apparatus comprising: a processor configured for allocating a storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted; the processor further configured for associating the storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device; the storage area configured for storing the associated identity within the secure environment; and the processor further configured for controlling access to the storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the storage area; wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by verifying the digital signature with a public key that corresponds to said private key.
July 6, 2004
October 30, 2012